Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect CVE-2024-3400
This report details the discovery and exploitation of a critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks GlobalProtect firewall appliances allowing remote code execution. The threat actor tracked as UTA0218 exploited this flaw to compromise devices exfiltrate data and move laterally within victims networks. The report analyzes the UPSTYLE backdoor used post-exploitation activities infrastructure detection methods and response recommendations.